Adobe updates Shockwave for 5 critical vulnerabilities

By Sean Kerner | November 04, 2009

From the 'Shocking Updates' files:

Adobe Shockwave users, it's time to update.

Adobe has issued an updated version of its Shockwave Player to address 5 critical vulnerabilities. The flaws affect Adobe Shockwave Player 11.5.1.601 and prior versions. The new version is numbered 11.5.2.602.

"The vulnerabilities could allow an attacker, who successfully exploits the vulnerabilities, to run malicious code on the affected system," Adobe stated in its advisory.

Two of the vulnerabilities deal with invalid pointer issues that could lead to arbitrary code execution.

Arbitrary code execution is also the potential end result of two of the other flaws fixed by Adobe in this new Shockwave update. An invalid index issue could also lead to code execution, and an invalid string length vulnerability has now been addressed as well.

A potential Denial of Service (DoS) attack vector is closed in the Shockwave Player 11.5.2.602 release by a fix for a boundary condition issue.

Shockwave Player 11.5.2.602 is the third security update for the Adobe product this year.